  1. AMQ Broker
  2. ENTMQBR-5372

User with a role not declared in RBAC can access the console


      1. Create a broker with default values

      $ /path/to/amq782/bin/artemis create /tmp/broker782 --user admin --password admin --allow-anonymous

      2. Add an additional user and role to broker
      $ printf "\nreadonly=reader" >> /tmp/broker782/etc/artemis-roles.properties
      $ printf "\nreader=reader" >> /tmp/broker782/etc/artemis-users.properties

      3. Start broker
      $ /tmp/broker782/bin/artemis run

      4. Try to access Management Console on http://localhost:8161 with these credentials:
      Username: reader
      Password: reader

      5. User "reader" can read information on the left side of the screen


      If I add an additional user and role to the broker without adding this role to the RBAC settings or the Hawtio enabled roles, any user having this role is able to enter the Management Console and can read some information from queues on the left side of the screen (queue names, queue types, acceptors, etc.).

      He should never be able to access the Management Console.
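
An offline check for the condition reported here, as an added example that is not part of the issue or of the AMQ Broker code: it reads an `artemis-roles.properties` file and lists every user that holds none of the roles expected to be allowed into the console, so those accounts can be tested against the console login. The function names, the allow-list argument and the sample `amq` role are assumptions; take the allowed roles from your own RBAC and Hawtio settings.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not shipped with the broker).
# Usage: console_role_audit <artemis-roles.properties> <allowed,roles>
# Prints "user:role[,role...]" for each user that has no allowed role.
console_role_audit() {
  awk -v allowed="$2" '
    BEGIN {
      n = split(allowed, a, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", a[i])
        ok[a[i]] = 1
      }
    }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      eq = index($0, "=")
      if (eq == 0) next                     # not a role=users line
      role  = substr($0, 1, eq - 1)
      users = substr($0, eq + 1)
      gsub(/[ \t\r]/, "", role)
      gsub(/[ \t\r]/, "", users)
      m = split(users, u, ",")
      for (j = 1; j <= m; j++) {
        if (u[j] == "") continue
        seen[u[j]] = 1
        if (role in ok) permitted[u[j]] = 1
        else extra[u[j]] = extra[u[j]] (extra[u[j]] ? "," : "") role
      }
    }
    END {
      for (name in seen)
        if (!(name in permitted)) print name ":" extra[name]
    }
  ' "$1" | sort
}

# Constructed sample mirroring step 2 of the report: an assumed default
# "amq = admin" line plus the appended "readonly=reader" entry.
demo() {
  dir=$(mktemp -d)
  printf 'amq = admin' > "$dir/artemis-roles.properties"
  printf "\nreadonly=reader" >> "$dir/artemis-roles.properties"
  console_role_audit "$dir/artemis-roles.properties" "amq"
  rm -rf "$dir"
}

demo
```

Every account it prints is one that should be refused at the console; a successful login with any of them reproduces this issue.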

              rh-ee-ataylor Andy Taylor
              rhn-support-anarvaez Alfredo Narvaez
              Oleg Sushchenko Oleg Sushchenko
              Mudassar Iqbal (Inactive)